﻿using System.Web.Mvc;
using System.Web.Security;

namespace MvcForum.Net.Bussiness
{
    public class ValidateAuthenticationAttribute : AuthorizeAttribute
    {
        public bool AdminRequired { get; set; }
        public override void OnAuthorization(AuthorizationContext _filterContext)
        {
            var _context = _filterContext.HttpContext;

            if (!ForumContext.Logined || (AdminRequired && !ForumContext.IsAdmin))
            {
                //use the current url for the redirect

                string _redirectOnSuccess = _context.Request.Url != null ? _context.Request.Url.AbsolutePath : "/";
                //send them off to the login page
                string _redirectUrl = string.Format("?ReturnUrl={0}", _redirectOnSuccess);
                string _loginUrl = FormsAuthentication.LoginUrl + _redirectUrl;
                _context.Response.Redirect(_loginUrl, true);

            }


        }
    }
}